aboutsummaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Verify/DB.pm
diff options
context:
space:
mode:
authormkanat%bugzilla.org <>2006-05-12 09:40:56 +0000
committermkanat%bugzilla.org <>2006-05-12 09:40:56 +0000
commitd9cbb0f0a62bba345ed26ac68364bb441f41d35d (patch)
tree415d30523fb728a3192970a6d2b168b095f260dc /Bugzilla/Auth/Verify/DB.pm
parentd7447bf95827d7e9da681d496a192fffbc2810a4 (diff)
downloadbugs-d9cbb0f0a62bba345ed26ac68364bb441f41d35d.tar
bugs-d9cbb0f0a62bba345ed26ac68364bb441f41d35d.tar.gz
bugs-d9cbb0f0a62bba345ed26ac68364bb441f41d35d.tar.bz2
bugs-d9cbb0f0a62bba345ed26ac68364bb441f41d35d.tar.xz
bugs-d9cbb0f0a62bba345ed26ac68364bb441f41d35d.zip
Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN block
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
Diffstat (limited to 'Bugzilla/Auth/Verify/DB.pm')
-rw-r--r--Bugzilla/Auth/Verify/DB.pm96
1 files changed, 25 insertions, 71 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 405a737b8..88ad78d54 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -28,97 +28,51 @@
# Erik Stambaugh <erik@dasbistro.com>
package Bugzilla::Auth::Verify::DB;
-
use strict;
+use base qw(Bugzilla::Auth::Verify);
-use Bugzilla::Config;
use Bugzilla::Constants;
+use Bugzilla::Token;
use Bugzilla::Util;
use Bugzilla::User;
-my $edit_options = {
- 'new' => 1,
- 'userid' => 0,
- 'login_name' => 1,
- 'realname' => 1,
-};
+sub check_credentials {
+ my ($self, $login_data) = @_;
+ my $dbh = Bugzilla->dbh;
-sub can_edit {
- my ($class, $type) = @_;
- return $edit_options->{$type};
-}
+ my $username = $login_data->{username};
+ my $user_id = login_to_id($username);
-sub authenticate {
- my ($class, $username, $passwd) = @_;
+ return { failure => AUTH_NO_SUCH_USER } unless $user_id;
- return (AUTH_NODATA) unless defined $username && defined $passwd;
+ $login_data->{bz_username} = $username;
+ my $password = $login_data->{password};
- my $userid = Bugzilla::User::login_to_id($username);
- return (AUTH_LOGINFAILED) unless $userid;
+ trick_taint($username);
+ my ($real_password_crypted) = $dbh->selectrow_array(
+ "SELECT cryptpassword FROM profiles WHERE userid = ?",
+ undef, $user_id);
- return (AUTH_LOGINFAILED, $userid)
- unless $class->check_password($userid, $passwd);
+ # Using the internal crypted password as the salt,
+ # crypt the password the user entered.
+ my $entered_password_crypted = crypt($password, $real_password_crypted);
+
+ return { failure => AUTH_LOGINFAILED }
+ if $entered_password_crypted ne $real_password_crypted;
# The user's credentials are okay, so delete any outstanding
# password tokens they may have generated.
- require Bugzilla::Token;
- Bugzilla::Token::DeletePasswordTokens($userid, "user_logged_in");
-
- # Account may have been disabled
- my $disabledtext = $class->get_disabled($userid);
- return (AUTH_DISABLED, $userid, $disabledtext)
- if $disabledtext ne '';
-
- return (AUTH_OK, $userid);
-}
-
-sub get_disabled {
- my ($class, $userid) = @_;
- my $dbh = Bugzilla->dbh;
- my $sth = $dbh->prepare_cached("SELECT disabledtext FROM profiles " .
- "WHERE userid=?");
- my ($text) = $dbh->selectrow_array($sth, undef, $userid);
- return $text;
-}
-
-sub check_password {
- my ($class, $userid, $passwd) = @_;
- my $dbh = Bugzilla->dbh;
- my $sth = $dbh->prepare_cached("SELECT cryptpassword FROM profiles " .
- "WHERE userid=?");
- my ($realcryptpwd) = $dbh->selectrow_array($sth, undef, $userid);
-
- # Get the salt from the user's crypted password.
- my $salt = $realcryptpwd;
-
- # Using the salt, crypt the password the user entered.
- my $enteredCryptedPassword = crypt($passwd, $salt);
+ Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in");
- return $enteredCryptedPassword eq $realcryptpwd;
+ return $login_data;
}
sub change_password {
- my ($class, $userid, $password) = @_;
+ my ($self, $user, $password) = @_;
my $dbh = Bugzilla->dbh;
my $cryptpassword = bz_crypt($password);
- $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
- undef, $cryptpassword, $userid);
+ $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?",
+ undef, $cryptpassword, $user->id);
}
1;
-
-__END__
-
-=head1 NAME
-
-Bugzilla::Auth::Verify::DB - database authentication for Bugzilla
-
-=head1 SUMMARY
-
-This is an L<authentication module|Bugzilla::Auth/"AUTHENTICATION"> for
-Bugzilla, which logs the user in using the password stored in the C<profiles>
-table. This is the most commonly used authentication module.
-
-=head1 SEE ALSO
-
-L<Bugzilla::Auth>